Every few days or weeks, I look at the logs for this blog. It is out of interest only, since there aren’t any ads here and I don’t get paid to run the site or make the content. At the beginning of a new month, the referrer list can be interesting. Often those links are from UbuntuForums or Lifehacker or other websites where I’ve left relevant links back here. A few friendly websites also link back like My Linux Rig and even Wikipedia and WikiBooks.
Log Referral Spam
Anyway, today the referrer server list was filled with Bit.ly, is.gd, cort.as and tinyurl.com links along with a bunch of easily seen XXX rated websites. We don’t do adult-only content here, because that is not what the content is about here. I’m assuming 90% of these referrers were URL shorteners … back to adult content websites, though a few were to the constant cheap handbags sites too. I don’t understand why they bother with referral links here. The logs aren’t seen externally, so any referrals don’t help them.
Perhaps they are frustrated that their constant comment spam doesn’t get posted here? The last few months, it has been pretty heavy, which is why some comments take a while to be approved and sometimes spammy-sounding comments aren’t posted at all. Sorry if I deleted your valid comment.
I needed an explanation. Adrian Roselli’s URL Shortener Spam article taught me. Definitely read his post for all the details, but here’s a summary:
- Some blog software publicly lists referrers, so these links are displayed on lots of different websites. It seems that WordPress does this. I do not know if that is true. Other blog software probably does it too. Mine does not.
- Using URL shorteners hides their XXX or cheap drugs or cheap handbags links from a casual regex filter. For me, that makes it easier, since I never use those URL shorteners, I can block all comments using them. Adrian calls this Link Lying, a good term.
A Fix? Perhaps.
There is none, at least not on the surface. I looked at the logs in a little more detail and saw a bunch of requests from a single source IP, but it used ZERO bytes of bandwidth. That IP was in the same country as the referral websites. Interesting. I looked at a few of the detailed log entries and verified that zero bytes were transfered, but the referral link was included. They were just pushing referrals, nothing more.
That subnet has been blocked at the firewall. Does that prevent future issues? Nope. But those folks will probably not bother with me again.
How do you handle log spam or blog spam?
Do you bother fighting back?
Now back to our regularly scheduled virtualization, KVM, Ubuntu Server posts, I promise.